Research Dashboard Login

451 Research - Biography

Wendy Nather
Research Director, Security

Wendy Nather is Research Director, Security, within 451 Research's Enterprise Security Program, providing analysis on the current state of security from the perspective of a veteran CISO. Wendy's primary areas of coverage are application security, identity and access management, threat intelligence, and security services.

Wendy joined 451 Research after five years building and managing all aspects of the IT security program at the Texas Education Agency, which serves 4.6 million Texas students. In that position, she directed multimillion-dollar initiatives for a statewide external user base of over 50,000. She also provided security guidance for the datacenter consolidation of 27 Texas state agencies.

Wendy previously worked in various roles in the investment banking division of Swiss Bank Corp (now UBS), including helping to build Europe's then-largest private trading floor. Based in Chicago, Zurich and London, she also served as the first IT Security Director for the EMEA region, managing the security aspects of various mergers, IT operations outsourcing and the division's first Internet presence. Wendy is coauthor of the book The Cloud Security Rules, and was named one of Tripwire's "Top 25 Influencers in Security You Should Be Following." She was also featured as a "Power Player" in security by SC Magazine in 2014.

Wendy is based in Austin, Texas. You can follow her on Twitter at @451Wendy.

Reports by this Analyst

Analytics: security's 'spackle'
MIS Spotlight - March, 2015
The number of security technologies is growing, but there are still gaps that need minding. To illustrate how analytics can help fill in the missing pieces, we've selected a few examples from our extensive vendor collection.
Now showing: Recorded Future creates threat intel from unstructured Web data
MIS Impact Report - March, 2015
Recorded Future has its roots in data visualization, and has taken that tack in addressing the challenges of analyzing natural-language-based threat intelligence. The vendor's goal is to make it easy for analysts to see everything on the open Web.
Proofpoint acquires Emerging Threats to combat just that
TDM Deal Analysis - March, 2015
Proofpoint has inked another deal – its largest yet. Highly automated and cloud-friendly Emerging Threats will add to the acquirer's intelligence capabilities and boost its responsiveness to attacks. Proofpoint is paying $40m in cash and stock.
Soltra disrupts the market for threat-intelligence sharing with vendor-agnostic platform
MIS Impact Report - February, 2015
Two highly influential organizations, the FS-ISAC and DTCC, got together and started building their own platform, called Soltra Edge. It's a welcome step in some quarters, and not so much in others.
Kaspersky Lab's big announcements presage its strategy shift
MIS Impact Report - February, 2015
They say only Nixon could go to China, and only Kaspersky Lab could position itself as the counterbalance to North American-based security research. It's walking a careful line between using its research to advance its marketing message and backing that up with technical and intelligence expertise.
Giving ZeroFOX about social threats
MIS Impact Report - February, 2015
Organizations can be attacked through social media in a number of ways, not just through malware aimed at their employees who are using it. ZeroFOX focuses its threat-intelligence services on social-media-based attack vectors – whether the threat is outside or inside the enterprise.
The Black Swans of the security industry
MIS Spotlight - December, 2014
What are the low-probability, high-impact events that could massively change the security industry? At the risk of invoking them by speaking their names, we're listing some. Keep those black-swan detectors powered on, just to be safe.
ThreatConnect reinforces its branding and announces a $4m series A round
MIS Impact Report - December, 2014
When your product brand name becomes bigger than the company name, it makes sense to switch things around. ThreatConnect offers the equivalent of an SAP, PeopleSoft or to chief information security officers.
Private Dell says strategy 'translating into results'
MIS Spotlight - November, 2014
Dell used its annual customer and partner gathering – Dell World – at its home in Austin, Texas, to announce that, one year after privatization, its strategy is yielding strong results. The company believes it is the fastest-growing large-scale integrated IT company in the industry.
Fixing cloud security with this one weird trick?
MIS Spotlight - November, 2014
It's a great time to be in the cloud security market. This report looks at the issues that many organizations face with the cloud, and gives examples of vendors we covered this year that are addressing them.
HP's Application Defender joins the new kids on the block in runtime protection
MIS Impact Report - November, 2014
For better visibility and granular control, forget the perimeter and cozy up to the application. To that end, HP has launched an offering called Application Defender, which the company describes as cloud-based application self-protection.
Waratek announces 'bring your own security' for Azure-based applications
MIS Impact Report - November, 2014
Another vendor in the runtime application security protection market, Waratek offers secure containers for the cloud. The company recently announced its Waratek Locker, which includes a version of Tomcat along with JVM-based protection and is certified for Microsoft Azure.
Denim Group's ThreadFix adds to its box of tricks
MIS Impact Report - October, 2014
The open source tool is proving to be very popular with the application security community. Denim Group has come out with the commercial enterprise version of what used to be solely an open source labor of love, but it also has the capability to bring some dark secrets to light.
BAE turns up its cyber to 11 with reach for SilverSky
TDM Deal Analysis - October, 2014
Bring out your MSSPs! As the market consolidation continues, pure play SilverSky has found a home with defense contractor BAE Systems. The deal comes more than three years after we predicted that Dell's SecureWorks buy would start a round of M&A that would leave few pure-play MSSPs remaining.
BitSight sees the value of intel partner AnubisNetworks and inks its first acquisition
TDM Deal Analysis - October, 2014
It often makes sense to lock up a key partner, especially if rivals are lurking. BitSight's reach for email security and threat intelligence provider AnubisNetworks ensures a steady supply of critical threat intel, and brings 'big data' analytic capabilities and hard-to-find talent.
One-stop shopping for threat intelligence, courtesy of ThreatStream
MIS Impact Report - October, 2014
With ArcSight founder Hugh Njemanze at the helm, the company is increasing its integrations, its feeds and its community – it's also adding an 'APP store' marketplace for third-party threat intelligence. Will the bigger storefront seal the deal?
FireEye as a service, just in the nick of time
MIS Impact Report - September, 2014
As retailer breaches, among others, grab the headlines, more enterprises have been reaching for FireEye. Now with the firepower of Mandiant's investigation and response staff included, the company rounds out its offerings.
Two's pentesting, three's a Bugcrowd
MIS Impact Report - September, 2014
Enterprises are getting penetration tests all the time; they just don't know it and can't control it. Bugcrowd corrals independent researchers to perform safe, responsible testing in return for bounties paid by the willing customer.
Lessons learned about third-party security from the NYC Executive Summit
MIS Spotlight - September, 2014
How do you collect and share the best threat intelligence? Do money-back guarantees make any difference? And has anyone tamed the cloud yet? At the Information Security Executive Summit in New York, we talked about playing nicely with one another.
Enterprise IT Spotlight: threat intelligence
MIS Spotlight - September, 2014
Any sort of information about attacks or attackers is now labeled as 'threat intelligence.' Before investing in the promise of threat intelligence technology, you need to understand what is and is not true threat intelligence, and what decisions the information will drive.
WhiteHat guarantees that it will find all the vulnerabilities, or your money back
MIS Impact Report - August, 2014
Having been in the works for some time, the company's offer echoes other refund promises from the likes of Trustwave. The secret is in standing behind its people. And the question isn't whether you've found more of something – it's whether you've found all of the things.
A hologram approach to website protection from Foresight
MIS Impact Report - August, 2014
The Israeli firm is bringing its variations on the WAF theme with a service that makes it easier to stand up and configure. No, it's not Incapsula, but the confusion is pretty likely to happen.
IBM acquires CrossIdeas for identity management analytics
TDM Deal Analysis - August, 2014
Adding a 'why' to the 'what,' Big Blue picks up Italian vendor CrossIdeas to create an analytics layer for its already extensive IAM suite. IBM went a long way to get this capability, however, when SailPoint was just down the road from its campus in Austin, Texas.
Dishing up threat intelligence for security M&A
TDM Sector IQ - July, 2014
Cisco's acquisition of ThreatGRID may prime the pump for more deals – if the buyers can figure out what they want. When considering possible transactions, threat intelligence may end up being in the eye of the beholder.
Security Innovation acquires Safelight Security to enhance its training portfolio
TDM Deal Analysis - July, 2014
Security Innovation has spent the past several years expanding its application security training. Now, the Massachusetts-based company has decided to add a little more sizzle to its steak, so it has brought in a Top Chef.
Information Security: Research agenda 2014-2015
MIS Spotlight - July, 2014
For every technology out there, security is needed: not just within or around that technology, but also during its use. Thus, the growth of the security market mirrors the explosive growth of IT as a whole. Security's rate of change and ever-increasing complexity make it difficult to predict directions even a year out, or to cover every aspect of it. Nevertheless, the Information Security channel here at 451 Research is ready to embrace as many of the growth areas as possible.
Tell (only) your friends: Vorstack enables peer-based threat intel collaboration
MIS Impact Report - June, 2014
Having legal expertise at the head of the company means having a better chance of making customers' legal departments happy as well. Vorstack is using an approach to threat intelligence collaboration that is bound to assuage a lot of fears.
Is open source the new sexy? Sonatype hits the catwalk
MIS Impact Report - June, 2014
Awareness is growing over the use of open source, helped in part by Sonatype's evangelism – according to the company, as much as 90% of the applications being developed today are being assembled using open source components. But growing awareness also means growing competition.
Arxan and IBM plan to secure all the things
MIS Impact Report - June, 2014
The company just announced an 'enhanced reseller' partnership with IBM as part of the latter's mobile application security offering. Is the market finally ready to address application integrity protection? It's a critical area, but it will need a lot of education.
Is AV the albatross around Symantec's neck?
MIS Spotlight - May, 2014
No, the company didn't actually declare its own antivirus dead – it just said it didn't consider it a moneymaker anymore. At its annual Vision conference, Symantec laid out more of its non-AV plans, but there was still that elephant in the room.
Secure Decisions brings application security testing together
MIS Impact Report - May, 2014
The Northport, NY-based company has been using a DHS grant to make it easier to use the variety of open source and commercial software testing tools available. Which also allows the question to be contemplated: how good are those tools?
The Snowden effect goes commercial
MIS Spotlight - May, 2014
A large risk to enterprises comes not just from employee postings, but from attacks using social media in the form of phishing, fraud and more. But when social media is the vector, the user becomes the perimeter – and monitoring becomes ubiquitous.
With a spoonful of sugar, NT OBJECTives helps the appsec medicine go down
MIS Impact Report - May, 2014
The company has not only broadened its offerings to include mobile security testing as a service, but also has integrations with a couple of strategic development vendors.
State of the State 2014: Application security
MIS Spotlight - April, 2014
This report gives an overview of the current state of the market in application security and how it has evolved in the past year – who's still playing, who's left the field, and who's new.
Hunting the target all the way to the endpoint: Dell SecureWorks' game is on
MIS Impact Report - April, 2014
The MSSP has announced its Advanced Endpoint Threat Detection service (powered by Bit9/Carbon Black), which extends its view into its customers' environment. We take a closer look.
Phishing intelligence from the data mines of Malcovery
MIS Impact Report - April, 2014
The Internet's oldest professions, phishing and malware, are continual problems for any organization trying to protect its brand. Malcovery aims to be the one-stop shop for in-depth intelligence on this and other email-borne threats.
Application security as a service: the 'un-WAF' from Prevoty
MIS Impact Report - April, 2014
The Los Angeles-based startup launched in October 2013 with an approach that tries to split the difference between the rock and the hard place. Dubbing it 'application security as a service,' the company is getting the attention of some big customers.
Signs of progress? Security's 10 greatest hits from 2012-2014
MIS Spotlight - March, 2014
We mulled over a lot of issues in the past two years. Here are the top 10 most-read reports from our security archives, including what we foresaw – and how it turned out.
Veracode's Software Component Analysis adds an application security ingredient list
MIS Impact Report - March, 2014
Is your internally developed code full of externally developed, genetically modified organisms? It's an important piece of the application security puzzle that Veracode is looking to address with its new Software Component Analysis feature.
Quotium Technologies brings clarity to application security testing
MIS Impact Report - March, 2014
The French company has been setting down roots in the US, and is ready to tackle its larger competitors on the grounds of visibility, reliability and ease of use. Quotium also recently attended the 2014 RSA Conference in San Francisco.


Forgotten password?

Not a Subscriber

Apply for a trial account today to obtain access to insight from 451 Research analysts worldwide and experience our products and services first hand.

Apply → Close

Browse By Sector

Select a sector from the list below.

Sector Browser Loading.